A web mashup is a web page or web application that uses and combines data, presentation or functionality from two or more sources to create new services. The main characteristics of a mashup are combination, visualization, and aggregation. Users to make existing data more useful, for personal and professional use. Web mashups and other composite applications enable dynamic web contents and enrich user experiences. This is especially the case for mobile users and workers, e.g., sales force, with most of the mobile applications moving to web-based applications to improve information sharing and increase productivity.
While web mashups and other composite applications being an enabler to better user experience, they also bring challenges to user experience due to the security controls. Herein, mashups and composite applications will be referred to as composite applications considering mashups are one type of composition. These challenges arise because composite applications combine multiple existing functions and/or data from different origins into a new application or new web content, and most of the time the source functions and/or data are not necessarily used for their original reason or purpose.
As a security precaution, web browsers perform web server certificate validation. The web browser provides multiple user prompts for the user to decide on whether or not to allow web contents from sites based on the verification results. For example, a user is often prompted with status of digital certificates of multiple sources that produce the result content based on certificate verification results from the browser. This is at a minimum, an annoying user experience, especially for mobile sales workers who use their mobile devices to increase productivity in what they call “micro-moments.” During these “micro-moments” mobile sales workers have just a few seconds to look something up, or post something, etc. However, complicated certificate verification or other authentication processes may cause mobile users to abandon the effort.
In addition the certificate verification prompts provided to users are also a security concern to average users. Users may keep clicking on “allow website/content” to go through the process if they want to get the results. In addition to user annoyance and security concerns, it is also a burden for enterprise IT to manage web certificates and push the management controls to the client when exacerbated by the mashups.